CVE-2017-7989Unrestricted File Upload in Joomla !

CWE-434Unrestricted File Upload3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 99.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joomla !
Timeline
PublishedApr 25
Latest updateMay 17

Description

In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type checks allowed low-privilege users to upload swf files even if they were explicitly forbidden.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDjoomla/joomla_!28 versions+27

Patches

Patch: developer.joomla.orgPatch: developer.joomla.org

🔴Vulnerability Details

2
GHSA
GHSA-qpjh-5v68-gc8g: In Joomla! 32022-05-17
CVEList
CVE-2017-7989: In Joomla! 32017-04-25
CVE-2017-7989 — Unrestricted File Upload in Joomla ! | cvebase